Whether a well-established company or one just getting started with cybersecurity risk management programs, those in the industry often can use a little help navigating the cumbersome and technical systems. This snapshot features pointers to clarify existing guidance and help organizations manage cybersecurity risk.
Gadgets and gizmos are not the only things beset by the U.S. Defense Department’s continued battle with shrinking budget dollars. While some projects may be delayed, and others even derailed, the civilian work force “is now showing the early signs of stress,” Alan Shaffer, acting assistant defense secretary for research and engineering, recently warned Congress.
Furloughs, the government shutdown and sequestration, and decreasing budgets have an adverse impact on the 100,000 personnel that make up the Defense Department’s science and technology (S&T) work force.
Anyone following the progress of the Joint Information Environment (JIE) knows by now that it is not a program of record. No one will see large procurements to provide the JIE. It definitely is a framework: it defines standards and architectures for consistency across the defense environment. It defines a core environment and interfaces for the connection of networks and systems to the core.
The Defense Department drive toward its Joint Information Environment is picking up speed as it progresses toward its goal of assimilating military networks across the warfighting realm. Individual services are developing solutions, some of which are targeted for their own requirements, that are being applied to the overarching goal of linking the entire defense environment.
The Department of Homeland Security (DHS) has released guidance to help citizens protect themselves from the recent Heartbleed cyberthreat. This bug makes websites that use OpenSSL vulnerable to attacks that could be used to obtain names, passwords and credit card numbers.
Once the Joint Information Environment (JIE) is in place, the U.S. Defense Department may be able to deploy secure mobile apps much more quickly than it can with today’s cumbersome process, according to Teri Takai, Defense Department chief information officer.
High school students from six schools across the nation will split $50,000 in scholarships after competing in the CyberPatriot VI competition, a culminating tournament in which participants tested strategies to defend computers and networks against cyber attacks. CyberPatriot kicked off in November with roughly 1,600 students from all 50 states and wrapped up March 29, 2014.
Attacks on a computer’s Basic Input/Output System (BIOS) do not receive a lot of attention, and protecting against them is often not a priority, but they are on the rise, say researchers at The MITRE Corporation, a not-for-profit research organization funded by the U.S. government. The MITRE team is developing tools to protect against BIOS attacks and is searching for organizations to help evaluate those tools.
A tactical technology support organization that has been serving the U.S. Marines for decades is beginning to find a role in the cyber domain. The group offers a broad range of services, including test and evaluation, engineering and network integration. It also supports users across the Defense Department, U.S. government and allies.
It is not surprising that cybersecurity would dominate the discussion on the second day of the AFCEA Homeland Security Conference in Washington, D.C. But the depth and breadth and variety of topics surrounding cybersecurity and information protection in all its forms indicates the degree to which the information security mission has engulfed every department and agency at all levels of government.
Chief information security officials from various agencies voiced support for the Department of Homeland Security's Continuous Diagnostics and Mitigation (CDM) Program, which is designed to fortify computer networks across the federal government. The officials spoke out in support of the program while serving on a panel during the AFCEA Homeland Security Conference, Washington, D.C. Panel moderator John Streufert, director of Federal Network Resilience at the Department of Homeland Security, took the opportunity to put some rumors to rest.
The real challenge to keeping the homeland secure is dealing with the world's increasing complexity, Adm. Thad Allen, USCG, (Ret.), executive vice president of Booz Allen Hamilton, told the audience at the AFCEA Homeland Security Conference in Washington, D.C., on Monday during his luncheon keynote address.
The U.S. Navy is looking to technology to help it fulfill its mission obligations in a time of severe budget constraints. Commercial technologies may provide effective solutions at a fraction of their military counterparts; innovations promise to add advanced capabilities to existing platforms; and new readiness plans may help economize deployments while increasing effectiveness. However, a lot of plans must fall into place for these technologies to take their places in the force.
The realm of cyberspace, created by the United States, could be the undoing of its next major military operation unless the country regains control of its own creation. The virtual realm was let loose on the world where it was embraced by all manner of users, and some of them are counting on their expertise in it to overcome the overwhelming power of the U.S. military.
The U.S. Navy’s focus on information dominance is increasing along with its reach. Having organized the force along its lines, the Navy now is applying new operational tasks to its menu.
U.S. Secret Service officials are establishing two new cybercrime task forces—in Cincinnati and Denver—that will enhance the agency’s ability to detect and investigate information technology-related crimes, including credit card theft, attacks on the banking and finance infrastructure and identity fraud.
A Department of Homeland Security program is automating the cyber attack detection process to manage the bulk of intrusion detection and mitigation work in real time across the entire civilian government. This effort addresses a long-time shortcoming for detecting attacks and intrusions into government computer networks. Traditionally, this activity has been a time-consuming and manpower-intensive process that would take place days or weeks after the incident.
NATO’s efforts to defend against terrorism now are focusing on cyberspace as a tool of terrorists instead of merely as a vulnerability for striking at alliance nations and their critical infrastructure. These efforts cover aspects of cyber exploitation that range from understanding terrorists’ behavior to how they might use social media.
The nation’s critical infrastructure and industrial-control systems have become such potential high-value targets for terrorists that their vulnerability threatens the fabric of society. And, as they increase in both importance and vulnerability, these systems cannot be protected using conventional information security measures.
The U.S. Defense Department launched a new competition to promote cybersecurity education and training in the nation’s military service academies. Beginning last November, the three service academies created teams to compete in the Service Academy Cyber Stakes, which culminated in a major interschool event held over the weekend of February 1-2 at the Carnegie Mellon campus in Pittsburgh.